Functional Safety, BU 0235 - NORD Drivesystems · BU 0235, July 2017 V 1.1 R2 Completion of a link to the TÜV certificate for frequency inverters with "Safe Shut-down Methods" 6072352

BU 0235 – en

Functional Safety Supplementary manual for series SK 250E-FDS

Functional Safety – Supplementary manual for series SK 250E-FDS

2 BU 0235 en-2917

Table of Contents 1 Introduction ................................................................................................................................................. 4

1.1 General .............................................................................................................................................. 4 1.1.1 Documentation ..................................................................................................................... 4 1.1.2 Document History ................................................................................................................. 4 1.1.3 About this manual ................................................................................................................. 5

1.2 Other applicable documents .............................................................................................................. 5 1.3 Presentation conventions ................................................................................................................... 5

1.3.1 Warning information ............................................................................................................. 5 1.3.2 Other information .................................................................................................................. 5

2 Safety, installation and operating instructions ......................................................................................... 6 3 Function description ................................................................................................................................... 9

3.1 Safe shut-down methods ................................................................................................................. 10 3.1.1 Safe Pulse Block ................................................................................................................ 10

3.2 Digital inputs (DIN1 / DIN4) .............................................................................................................. 11 3.3 Safety functions ............................................................................................................................... 12

3.3.1 Safe Torque Off, STO ......................................................................................................... 12 3.3.2 Safe Stop 1, SS1 ................................................................................................................ 12

3.4 Examples / Implementation .............................................................................................................. 13 3.4.1 STO function....................................................................................................................... 13 3.4.2 SS1 Function ...................................................................................................................... 15 3.4.3 Simple restart block ............................................................................................................ 16 3.4.4 Example without safe shut-down method ........................................................................... 17 3.4.5 Ruling out wiring faults ....................................................................................................... 18

4 Assembly and installation ........................................................................................................................ 20 4.1 Installation and assembly ................................................................................................................. 20 4.2 Electrical connection ........................................................................................................................ 20

4.2.1 Wiring guidelines ................................................................................................................ 20 4.2.2 Mains connection ................................................................................................................ 20 4.2.3 Control cable connections .................................................................................................. 21 4.2.3.1 Control level 21 4.2.3.2 Configuration of option slots on the control level 22 4.2.3.3 Control connection details 23

4.3 Details of the safe shut-down method .............................................................................................. 24 4.3.1 Safe shut-down method - Safe Pulse Block ....................................................................... 24 4.3.1.1 Operation with OSSD 24 4.3.1.2 EMC 24 4.3.1.3 Example – operation of multiple devices 25

5 commissioning .......................................................................................................................................... 26 5.1 Commissioning steps for STO ......................................................................................................... 27 5.2 Commissioning of SS1 ..................................................................................................................... 27 5.3 Validation ......................................................................................................................................... 28

6 Parameters ................................................................................................................................................. 29 6.1 Description of parameters ................................................................................................................ 29

6.1.1 Control terminals ................................................................................................................ 30 6.1.2 Additional parameters ......................................................................................................... 32

7 Operating status messages ..................................................................................................................... 33 8 Additional information .............................................................................................................................. 35

8.1 Protective switching devices ............................................................................................................ 35 8.1.1 Output voltage .................................................................................................................... 35 8.1.2 Switching capacity and current load ................................................................................... 35 8.1.3 OSSD outputs, test pulses ................................................................................................. 36

8.2 Safety categories ............................................................................................................................. 37 8.2.1 IEC 60204-1:2005 .............................................................................................................. 37 8.2.2 IEC 61800-5-2:2007 ........................................................................................................... 37 8.2.3 IEC 61508:2010 .................................................................................................................. 37 8.2.4 ISO 13849-1:2015 .............................................................................................................. 38

Table of Contents

BU 0235 en-2917 3

9 Technical Data ........................................................................................................................................... 39 9.1 Data for the Safe Pulse Block .......................................................................................................... 40 9.2 Data for digital inputs ....................................................................................................................... 41

10 Appendix .................................................................................................................................................... 42 10.1 Repair information ............................................................................................................................ 42 10.2 Service and commissioning information ........................................................................................... 43 10.3 Documents and software ................................................................................................................. 43 10.4 Certificates ....................................................................................................................................... 43 10.5 Abbreviations ................................................................................................................................... 44


4 BU 0235 en-2917

1 Introduction

1.1 General

1.1.1 Documentation

Name: BU 0235

Part number: 6072352

Series: Functional safety for frequency inverters from the series

NORDAC Link (SK 250E … SK 280E)

Scope of application: SK 260E-FDS, SK 280E-FDS

1.1.2 Document History

Issue Version Remarks

Order number Software

BU 0235, March 2017 V 1.1 R1 First issue 6072352/ 1217

BU 0235, July 2017 V 1.1 R2 Completion of a link to the TÜV certificate for frequency inverters with "Safe Shut-down Methods"

6072352/ 2917

1 Introduction

BU 0235 en-2917 5

1.1.3 About this manual This manual is intended to help you with the commissioning of the "Safe Stop" function (STO or SS1) of a frequency inverter or motor starter from Getriebebau NORD GmbH & Co. KG (NORD). It is intended for all qualified electricians who plan, install and set up corresponding drive solutions ( Section 2 "Safety, installation and operating instructions"). The information in this manual assumes that the qualified electricians who are entrusted with this work are familiar with the handling of electronic drive technology, in particular with NORD devices.

This manual only contains information and descriptions of the functional safety and additional information which is relevant for the functional safety of frequency inverters manufactured by Getriebebau NORD GmbH & Co. KG.

1.2 Other applicable documents This document is only valid in combination with the operating instructions for the frequency inverter which is used. Safe commissioning of the drive application depends on the availability of the information contained in this document.. A list of the documents can be found in Section 10.3 "Documents and software".

The necessary documents can be found under www.nord.com.

1.3 Presentation conventions

1.3.1 Warning information Warning information for the safety of the user and the bus interfaces are indicated as follows:

DANGER

This warning information warns against personal risks, which may cause severe injury or death.

WARNING

This warning information warns against personal risks, which may cause severe injury or death.

CAUTION

This warning information warns against personal risks, which may cause slight or moderate injuries.

NOTICE

This warning warns against damage to material.

1.3.2 Other information

Information This information shows hints and important information.

http://www.nord.com/


6 BU 0235 en-2917

2 Safety, installation and operating instructions

Before working on or with the device, please read the following safety instructions extremely carefully. Please pay attention to all other information from the device manual.

Non-compliance can result in serious or fatal injuries and damage to the device or its surroundings.

These safety instructions must be kept in a safe place!

1. General During operation, depending on their protection class, devices may have live bare components as well as hot surfaces.

The device operates with a dangerous voltage. Dangerous voltage may be present at the supply lines, contact strips and PCBs of all connecting terminals (e.g. mains input, motor connection), even if the device is not working or the motor is not rotating (e.g. caused by electronic disable, jamming of the drive or a short circuit at the output terminals).

The device is not equipped with a mains switch and is therefore always live when connected to the power supply.

Even if the drive unit has been disconnected from the mains, a connected motor may rotate and possibly generate a dangerous voltage.

If you come into contact with dangerous voltage such as this, there is a risk of an electric shock, which can lead to serious or fatal injuries.

Unauthorised removal of covers, improper use, incorrect installation or operation causes a risk of serious personal injury or material damage.

The heat sink and all other metal components can heat up to temperatures above 70 °C.

Touching parts such as this can result in local burns to the body parts concerned (cooling times and clearance from neighbouring components must be complied with).

Further information can be found in this documentation.

All transportation, installation, commissioning and maintenance work must be carried out by qualified experts (pay attention to IEC 364 or CENELEC HD 384 or DIN VDE 0100 and IEC 664 or DIN VDE 0110 and the national accident prevention regulations).

2. Qualified experts For the purposes of these basic safety instructions, qualified personnel are persons who are familiar with the assembly, installation, commissioning and operation of this product and who have the relevant qualifications for their work.

Furthermore, the device and the associated accessories may only be installed and started up by qualified electricians. An electrician is a person who, because of their technical training and experience, has sufficient knowledge with regard to

• switching on, switching off, isolating, earthing and marking power circuits and devices, • proper maintenance and use of protective devices in accordance with defined safety standards.

3. Correct purpose of use – general The frequency inverters are devices for industrial and commercial systems used for the operation of three-phase asynchronous motors with squirrel-cage rotors and Permanent Magnet Synchronous Motors – PMSM. These motors must be suitable for operation with frequency inverters, other loads must not be connected to the devices.

The devices are components intended for installation in electrical systems or machines.

2 Safety, installation and operating instructions

BU 0235 en-2917 7

Technical data and information for connection conditions can be found on the rating plate and in the documentation, and must be complied with.

The devices may only be used for safety functions which are described and explicitly approved.

CE-labelled devices fulfil the requirements of the Low Voltage Directive 2014/35/EU. The stated harmonized standards for the devices are used in the declaration of conformity.

a. Supplement: Correct purpose of use within the European Union

When installed in machines, the devices must not be commissioned (i.e. commencement of proper use) until it has been ensured that the machine fulfils the provisions of EC Directive 2006/42/EC (Machinery Directive); EN 60204 must also be complied with. Commissioning (i.e. start-up of proper use) is only permitted if the EMC directive (2014/30/EU) has been complied with.

b. Supplement: Correct purpose of use outside the European Union

The local conditions of the operator for the installation and commissioning of the device must be complied with at the usage location (see also "a) Supplement: Correct purpose of use within the European Union").

4. Transport, storage The information in the manual regarding transport, storage and correct handling must be complied with.

5. Installation Ensure that the device and the motor are specified for the correct supply voltage.

The installation and cooling of the equipment must be implemented according to the regulations in the corresponding documentation.

The devices must be protected against impermissible loads. Especially during transport and handling, components must not be deformed and/or insulation distances must not be changed. Touching of electronic components and contacts must be avoided.

The devices contain electrostatically sensitive components, which can be easily damaged by incorrect handling. Electrical components must not be mechanically damaged or destroyed (this may cause a health hazard!).

6. Electrical connection Installation and work must not be carried out unless the device has been disconnected from the voltage and at least 5 minutes has elapsed since the mains was switched off! (The equipment may continue to carry hazardous voltages for up to 5 minutes after being switched off at the mains).

When working on live devices, the applicable national accident prevention regulations must be complied with (e.g. BGV A3, formerly VBG 4).

The electrical installation must be implemented as per the applicable regulations (e.g. cable cross-section, fuses, earth lead connections). Further instructions can be found in the documentation.

Information regarding EMC-compliant installation (such as shielding, earthing, location of filters and routing of cables) can be found in the documentation for the devices. CE marked devices must also comply with these instructions. Compliance with the limit values specified in the EMC regulations is the responsibility of the manufacturer of the system or machine.

In case of a fault, insufficient earthing may cause an electric shock with possibly fatal consequences if the device is touched.

Because of this, the device is only intended for permanent connection and may not be operated without effective earthing connections which comply with local regulations for large leakage currents (> 3.5 mA).


8 BU 0235 en-2917

The voltage supply of the device may directly or indirectly put it into operation, or touching electrically conducting components may then cause an electric shock with possible fatal consequences.

All phases of all power connections (e.g. power supply) must always be disconnected.

7. Operation Do not use defective devices or devices with defective or damaged housings or missing covers. Otherwise there is a risk of serious or fatal injuries caused by electric shock or bursting electrical components such as powerful electrolytic capacitors.

Where necessary, systems in which the devices are installed must be equipped with additional monitoring and protective equipment according to the applicable safety requirements (e.g. legislation concerning technical equipment, accident prevention regulations, etc.).

The parametrisation and configuration of the devices must be selected so that no hazards can occur.

All covers must be kept closed during operation.

With certain setting conditions, the device or the motor which is connected to it may start automatically when the mains are switched on. The machinery which it drives (press / chain hoist / roller / fan etc.) may then make an unexpected movement. This may cause various injuries, including to third parties.

Before switching on the mains, secure the danger area by warning and removing all persons from the danger area.

8. Maintenance and repairs

Live equipment components and power connections should not be touched immediately after disconnecting the devices from the power supply because of possible charged capacitors. Observe the applicable information signs located on the device.

Further information can be found in this documentation.

9. Potentially explosive environment (ATEX) The device is not approved for operation or maintenance work in potentially explosive environments (ATEX).

3 Function description

BU 0235 en-2917 9


To avoid danger to persons and to prevent damage to material, machines must be able to be switched off safely. The frequency inverters stated in this document provide safe shut-down methods.

The following basic explanation of the function of a frequency inverter serves to provide better understanding of the function of safe shut-down methods:

The mains voltages are rectified and the resulting DC links circuit voltage is reconverted to AC according to the requirements of the operating status of the motor (frequency and voltage).

The semiconductor switches of the inverter (T1 to T6) are controlled by a highly complex pulse pattern. This pulse pattern is generated by the micro-controller (µC) and amplified by the driver. The drivers convert the logic signals on the control voltages of the semiconductor switch. The semiconductor switches are switched via the control voltage and the pulse pattern is amplified and applied to the motor terminals. Due to the low-pass effect of the motor, a three-phase pulse width modulated sine wave voltage, a three-phase system, results from the pulsed voltage. The motor generates a torque.

1 I/O fast stop

2 Micro-controller

3 Logic

4 Driver

5 Undervoltage detection, current limitation

6 Input circuits

7 Option "Safe Pulse Block"

8 DC/DC converter, connected depending on the version

Figure 1: Structure of Safe Pulse Block

By the use and combination of safe shut-down methods and digital inputs (DIN1 / DIN4) the safety-related stop functions STO and SS1 as well as a simple restart block can be implemented with various safety and performance levels.


10 BU 0235 en-2917

3.1 Safe shut-down methods With a safe shut-down method, the torque is switched off and a stop function is carried out. As this has priority over other control functions this stop-function is suitable for stopping in emergencies. This function is known as "Safe Torque Off" or STO.

The safe switch-off of the torque according to the STO safety function depends on the interruption of the flow of current to the motor.

The following switch-off methods are available for this:

• “Safe Pulse Block“

It is also possible to first stop the motor in a controlled manner and then to switch off the torque. This function is referred to as "Safe Stop 1" or SS1

3.1.1 Safe Pulse Block Devices equipped with a "Safe Pulse Block" have an additional DC/DC converter, which produces the supply voltage for the driver from a 24V supply (Contacts 24V_SH, GND_SH).

If the external 24 V voltage is switched off then the DC/DC converter does not transmit any power to the drivers. As the drivers are now no longer supplied with power, no pulses reach the semiconductor switches (T1 to T6) of the inverter. The flow of current in the semiconductor switches and in the motor is interrupted i.e. after a certain reaction time of the electronics and the reduction time of the motor current, the motor does not develop a driving torque.

The switch-off of the 24V supply via contacts 24V_SH, GND_SH must be carried out by a fail-safe switching device. For this, either the contact 24V_SH or the connection GND_SH contact may be disconnected from the 24V source. Preferably, the 24V_SH connection is disconnected

Safety output Safety output Safety output Frequency inverter or or


BU 0235 en-2917 11

3.2 Digital inputs (DIN1 / DIN4) In order to implement a safety function, the digital inputs (DIN1 / DIN4)can be used as auxiliary inputs, e.g. for the triggering of a braking process. It should be noted that the digital inputs only fulfil minimum safety requirements. A safe shut-down method is always required!

The digital inputs, further I/Os and the 24 V supply have a common earth. This means that a digital input may only be switched off by disconnection of its connection. Switch-off via GND is not possible! Safety output Safety output Safety output Filter for

OSSD Frequency inverter

(optional)

When operating with an OSSD a filter is only required for environments with high levels of interference.

If only low levels of functional safety are required, the safety function can also be implemented with the digital inputs. It is recommended that this is only considered if the risk assessment has shown that slight (normally temporary) injuries could result on failure of the safety function (see also Section 8.2). In case of doubt, a safe shut-down method should always be used.

WARNING Loss of safety function

Digital input DIN4 can optionally be connected via M1 or M2.

Parallel connection of DIN4 to M1 und M2 with different sensor signals or from different signal sources causes a loss of the safety function, as for technical reasons, overlapping of the signals cannot be excluded. Parallel connection is therefore not permissible


12 BU 0235 en-2917

3.3 Safety functions

WARNING Mechanical brake failure

Control of a mechanical brake by means of the frequency inverter is not fail-safe!

Triggering of the "STO" function causes the application of a mechanical brake which is controlled by the frequency inverter. The brake takes on the entire load of the drive units with all of its rotating masses and attempts to stop it.

A brake which is not designed for this (e.g. a holding brake) may be damaged and may fail. This can result in severe or even fatal injuries or damage to the system, e.g. due to falling loads (lifting gear).

Therefore, with the use of a brake • This must be designed as an operating brake, or • It must be ensured that the drive unit is stopped before the "STO" function is activated.

3.3.1 Safe Torque Off, STO With the STO function the drive torque is switched off as quickly as possible (see Technical Data Reaction Time) and the drive (motor and machine) runs down to a standstill. This behaviour corresponds to stop category 0 (uncontrolled braking) according to EN 60204-1. Therefore an undefined time elapses before the drive unit does not carry out any further hazardous movement and a safe state is achieved. Detection of whether or when the drive unit has achieved a safe state is not integrated into the frequency inverter.

Depending on the switching equipment used and the use of a safe shut-down method, an STO function with Safety Category 4 as per DIN EN ISO 13849-1 can be implemented.

3.3.2 Safe Stop 1, SS1 With the function SS1 the motor is initially braked by the frequency inverter. After standstill, the function STO is switched to. This behaviour corresponds to stop category 1 (controlled braking) according to EN 60204-1. Switching to the STO function can be monitored after reaching standstill or can be carried out via a fail-safe timing relay (delayed output of a safety circuit device).

Information Controlled braking Controlled braking is triggered via a digital input and only complies with low safety requirements!

If controlled braking fails, the function switches over to STO.

If necessary, the braking process must be monitored.


BU 0235 en-2917 13

3.4 Examples / Implementation The following illustrates several examples of solutions for the safety functions STO and SS1.

3.4.1 STO function Implementation of a safety function usually requires the use of a protective switching device. The safety category of the function is determined by the component with the lowest category.

Emergency stop button

Safety switching device Shielded cables 1) Frequency inverter

Use of the "Safe Pulse

Block"

Reset

1) Shielded cables to exclude faults as per DIN EN ISO 13849-2

1 Supply voltage 2 Reset circuit 3 Input circuit with cross-circuit detection 4 Safety output

In this example, Safety Category 4 as per DIN ISO 13849-1 can be achieved. The prerequisite for this is that the emergency stop button, the protective switching device and the wiring fulfil the requirements for Category 4. For example, this can be achieved as follows:

• Redundant protective switching device with self-monitoring • Dual-channel input circuit with cross-wire recognition (and appropriate emergency stop button) • Safety output with periodic switch-off tests (OSSD) • Exclusion of faults as per DIN ISO 13849-2 for the wiring between the switching device and the input

terminals of the safe shut-down method, by the use of a shielded cable and connection of the shield at both ends.

If the "Safe Pulse Block" is triggered for an enabled frequency inverter, this results in an error E018 (18.0 "Safety Circuit ").

To prevent this, a digital input (DIN1 / DIN4) can be parameterised with the function "10" ("Block Voltage").

The typical reaction time can be reduced by the additional use of a digital input. A second safety output is required to control the digital input.


14 BU 0235 en-2917

This solution is preferable, especially in cases where the switching device only checks its safety outputs in the course of an enabling cycle, as is the case with some electro-mechanical switching devices. A suitable checking interval must be specified according to the safety requirements.




Block"

Reset


1 Supply voltage 2 Reset circuit 3 Input circuit with cross-circuit detection 4 Safety output 1 5 Safety output 2 6 Filter for OSSD (optional) – only necessary in environments with high levels of interference

A separate shielded cable must be used for connecting each of the safety outputs! However, with the use of a protective switching device with cross-circuit monitoring of OSSD outputs, the cables of both safety outputs can also be run in a common shielded cable.

The requirements for Safety Category 4 are only fulfilled by the "Safe Pulse Block" function. The digital inputs (DIN1 / DIN4) only achieve Safety Category 1 and PL c (Performance Level c).

During the period between activation of the safety function via a digital input and activation of the STO via the connections "24 V SH" and "GND SH" the frequency inverter can also only fulfil Safety Category 1 and PL c.


BU 0235 en-2917 15

3.4.2 SS1 Function A digital input is always necessary in order to implement the SS1 function. With this digital input, a braking action is initiated by the frequency inverter. For this, the digital input is parameterised to the function "11"(Fast Stop).




Block"

Reset


1 Supply voltage 2 Reset circuit 3 Input circuit with cross-circuit detection 4 Safety output 1 (delayed) 5 Safety output 2 6 Filter for OSSD (optional) – only necessary in environments with high levels of interference

Actuation of the emergency stop button (call-up of the safety function) initially triggers a controlled braking action via a digital input "DIN". In this case it must be ensured that the drive is brought to standstill within the parameterised fast stop time P426. After a delay time which is controlled by a protective switching device, STO is triggered. The delay time must be dimensioned so that the delay is longer than the fast stop time plus the DC run-on time P559. The delay time must be selected so as to be fail-safe.

After the delay time which is set in the protective switching device has elapsed, the frequency inverter always switches to the STO function. This also applies in the case of failure of the controlled braking action.

A separate shielded cable must be used for connecting each of the safety outputs! However, with the use of a protective switching device with cross-circuit monitoring of OSSD outputs, the cables of both safety outputs can also be run in a common shielded cable.

The requirements for Safety Category 4 are only fulfilled by the "Safe Pulse Block" function. The digital inputs (DIN1 / DIN4) only achieve Safety Category 1 and PL c (Performance Level c).

During the period between activation of the safety function via a digital input and activation of the STO via the connections "24 V SH" and "GND SH" the frequency inverter can also only fulfil Safety Category 1 and PL c.


16 BU 0235 en-2917

3.4.3 Simple restart block Safety Category 4 as per DIN ISO 13849-1 can be achieved with a direct dual-channel triggering of the "Safe Pulse Block" with the aid of a safe switching element. The following illustration shows an example with an emergency stop switch (positively opening contacts, Safety Category 4).

Emergency stop button Shielded cables 1) Frequency inverter


To achieve Safety Category 4, fault exclusion as per EN 13849-2 Section D.5 must be possible for the upstream components (hard-wiring and dual-channel button with independent, positive-opening contacts) i.e., in this example, the emergency-stop button and the wiring must be designed in such a way that short-circuiting at the emergency-stop button and to other live systems can be ruled out.

In this example, there is no reset circuit as is the case with the protective switching devices. If the result of risk analysis is that cancellation of the stop command must be acknowledged by intended manual action, then the resetting requirements can be fulfilled organisationally (e.g. by an emergency stop button with key releasing device and storage of the key away from the machine).

If the "Safe Pulse Block" is triggered for an enabled frequency inverter, this results in an error E018 (18.0 "Safety Circuit ").

Information Functions P428 and P506 With use of the function P506 "Automatic Fault Acknowledgement" And P428 "Automatic Start" (refer to the description in the manual BU 0250) the drive unit starts immediately after the emergency stop button has been released. Because of this, it is urgently recommended that these functions are not used in combination and especially not for safety-relevant applications.


BU 0235 en-2917 17

3.4.4 Example without safe shut-down method It is only possible to implement the safety functions STO or SS1 with a digital input and a protective switching device. However, with this switching variant, according to DIN EN ISO 13849-1 the maximum safety category which can be achieved is Safety Category 1. However, the condition for this is that in addition to the digital input, all other components (protective switching device, emergency stop button, wiring) also fulfil the requirements for Category 1.


Protective switching device Shielded cables 1) Frequency inverter

Use of a digital input Reset


1 Supply voltage 2 Reset circuit 3 Input circuit with cross-circuit detection 4 Not available 5 Safety output 6 Filter for OSSD (optional) – only necessary in environments with high levels of interference

To implement the safety function STO, the digital input is parameterised to function "10" (Block Voltage).

For the safety function SS1 the digital input is parameterised with function "11" ("Fast Stop"). The fast stop time is set via parameter P426. It must be ensured that the drive is actually brought to standstill within the parameterised fast stop time.

Information Safety category Implementation of safety switching without a safe shut-down method (as described above) only enables compliance with Safety Category 1 (or Performance Level c) as a maximum. This switching variant also does not have SIL capability ( Section 8.2 "Safety categories")

This switching version should therefore only be considered if only low requirements for functional safety need to be fulfilled and if the risk assessment has shown that failure of the safety function can only result in slight (usually temporary) injuries (Section 8.2 "Safety categories"). In case of doubt, a safe shut-down method should always be used ( Section 3.1 "Safe shut-down methods")


18 BU 0235 en-2917

3.4.5 Ruling out wiring faults In the examples above, a separate shielded cable, whose shield is connected at both ends is used for each of the inputs which are used for the implementation of the safety function (see also the following illustration). These measures serve to rule out faults as per DIN EN ISO 13849-2 in case of a short circuit between any of the conductors.

This exclusion of faults is necessary in order to fulfil the requirements of Safety Category 4 as per DIN EN ISO 13849-1. This means that, neither a single detected fault or an accumulation of undetected faults can result in the loss of the safety function. A short circuit from an external voltage, e.g. from a 24V control cable, to the 24V input of a safe shut-down method could lead to the loss of a safety function i.e. this fault must be prevented by means of suitable measures.

The use of a separate shielded cable for each input is not mandatory. For example, the cables for the digital inputs and the safe shut-down method may be jointly run in a shielded cable, if the monitored safety outputs of the switching device are equipped with cross-circuit detection (see the following illustration). If necessary, the effectiveness of the short-circuit detection must be demonstrated.

Safety output on the safety switching device

Shielded cables 1) Frequency inverter


Block"

Mon

itore

d ou

tput

s w

ithou

t cr

oss-

circ

uit d

etec

tion

Output 1

Output 2

Mon

itore

d ou

tput

s w

ith c

ross

-ci

rcui

t det

ectio

n

Output 1

Output 2

1) Shielded cable to exclude faults as per DIN EN ISO 13849-2, for connection of the safety outputs to a digital input with optional filter for OSSD (only necessary in environments with high levels of interference).

Other measures (separate cable duct, installation in armoured conduit, etc.) are possible. More precise details result from the risk assessment and the FMEA for the specific application.

For the "Safe Pulse Block" it is also conceivable that this is triggered via two safety outputs, one switching the 24 V output and the other switching the GND output.


BU 0235 en-2917 19

Safety output on the safety switching device

Connection cable Frequency inverter

Use of the "safe pulse block"

Mon

itore

d ou

tput

s Output 1

Output 2

In this case a shielded cable is not strictly necessary if both safety outputs are monitored. If, for example, other 24V control cables are laid in the same cable duct and a fault in the form of a short-circuit from 24V_SH to a control cable (=24 V) is assumed, this fault would be detected by the output monitoring of the switching device and the "Safe Pulse Block" would be triggered by the second safety output. More precise details result from the FMEA for the specific application.

If a shielded cable is not used for the wiring of the safety function, the effects of electromagnetic fields may need to be taken into account. Hence the use of a 1 m long cable (in a separate cable duct) in an environment without strong electromagnetic fields is relatively safe, while the installation of a long cable in the direct vicinity of a powerful transmitter or a medium voltage distributor may cause the failure of the safety function. Because of this, the use of shielded cables is generally recommended.


20 BU 0235 en-2917

4 Assembly and installation

The installation instructions contained in this manual only deal with issues that are related to functional safety. For further information, please refer to the manual for the relevant frequency inverter (BU 0250).

4.1 Installation and assembly The installation instructions in BU 0250 must be observed!

4.2 Electrical connection The information for installation or electrical connection from the manual BU 0250 as well as all of the following information must be observed.

WARNING Electric shock

Touching electrically conducting components may cause an electric shock and severe or possibly fatal injury. • Disconnect the frequency inverter from the power supply before starting installation work. • Only work on devices which have been disconnected from the power supply.


The frequency inverter carries hazardous voltage for up to 5 minutes after being switched off. • Only start work after a waiting period of at least 5 minutes after switching off the mains supply

(disconnection).

4.2.1 Wiring guidelines The wiring guidelines from the frequency inverter manual (BU 0250) apply!

4.2.2 Mains connection Devices which implement a safety function may only be operated on TN and TT networks. The equipment has not been designed for operation at IT and "Grounded Corner" networks.


BU 0235 en-2917 21

4.2.3 Control cable connections

Electrical connections are made exclusively with plug connectors.

4.2.3.1 Control level

Position: front

The configuration and functions of the individual option slots are variable. They are directly influenced by the customer's specification, but are also indirectly dependent on the further features.

The meaning of the LEDs which are assigned for each option slot is also dependent.

D1 = E1 = H1 = H2 = M1 = … M8 =

Diagnostic opening Status indicators (LEDs) Control element 1 Control element 2 Signal connections


22 BU 0235 en-2917

4.2.3.2 Configuration of option slots on the control level

The option slots M1 to M8 are designed for M12 plug connectors. The configuration of the connections or functions for the individual option slots which are relevant for the frequency inverter is printed directly on the option slot. Only those functions which can be associated with the safe stop function are stated below.

Option slot Option type

Function Relevant parameters

Comments

M1 a No option b Initiator 1 INI1 DIN1 P420[-01] DIN4 P420[-04]

M2 a No option b Initiator 2 INI2 DIN4 P420[-04]

M3 a No option b Actuator 1 Act1 DOUT1 P434[-01] DOUT2 P434[-02]

M4 a No option b Actuator 2 Act2 DOUT2 P434[-02]

M6 a Safe Stop STO

Plug connections for M12 plug connectors

Depending on the function, 5-pin M12 surface mounted plug connectors with coloured sockets or plug inserts are installed. The colours reflect the functional assignment of the plug connector and therefore enable easy identification on the FI. The same applies for the colour coding of the cover caps.

The following plug connectors may be used on the device, depending on the customer's specification.

Only those functions associated with the Safe Stop function are stated.

Option slots M1 to M8

Function Plug connectors Option slot

Contact diagram Contact assignments

1 2 3 4 5 No. Colour

DIN1 / DIN4

24 V DIN4 GND DIN1 PE M1 black DIN4 24 V GND DIN4 PE M2 black DOUT1 / DOUT2 24 V DOUT2 GND DOUT1 PE M3 black DOUT2 24 V GND DOUT2 PE M4 black STO GND SH 24 V SH M6 yellow


BU 0235 en-2917 23

4.2.3.3 Control connection details

Meaning, Functions Description / Technical data Contact Parameter (designation) Meaning No. Function of factory setting

Digital outputs Signalling of the operating statuses of the FI according to EN 61131-2 24 V DC With inductive loads: Provide protection via free-wheeling diode!

Maximum load 50 mA

DOUT1 Digital output 1 P434 [-01] No function DOUT2 Digital output 2 P434 [-02] No function

Information for bus control: The digital outputs can be set with the user bits in the control word. DOUT1: P480 [-11] = Control word Bit 8 DOUT2: P480 [-12] = Control word Bit 9

Information Digital output A digital output can be used to indicate the status of the "Safe Pulse Block". It should be noted that this status indication is not fail-safe.

Digital inputs Actuation of device via an external controller, switch or similar according to EN 61131-2, type 1 Low: 0-5 V (~ 9.5 kΩ) High: 15-30 V (~ 2.5 - 3.5 kΩ) Scan time: 1 ms Reaction time: 4 - 5 ms

Input capacitance 10 nF (DIN1, DIN4)

DIN1 Digital input 1 P420 [-01] No function DIN4 Digital input 4 P420 [-04] No function

Functional Safety "Safe Stop"

Fail-safe input Details: BU0235, “Technical data” The input is always active. In order to make the FI ready for

operation, this input must be provided with the required voltage.

24V SH 24 V input - - GND SH Reference potential - -


24 BU 0235 en-2917

4.3 Details of the safe shut-down method

4.3.1 Safe shut-down method - Safe Pulse Block A two-wire shielded cable must be used for the "Safe Pulse Block". The shield must be applied on both sides! The voltage drop in the cable must not exceed the following values:

• Mechanical protective switching device: ΔUCable ≤ 3 V • Electronic protective switching device: ΔUCable ≤ 1 V.

IIN,Peak( Section 9 "Technical Data" should be used to calculate the peak current.

4.3.1.1 Operation with OSSD

The Safe Pulse Block is specially designed for use with an OSSD.

The capacity between the wires (including the shield capacities) must not exceed a value of x = 10 nF for each frequency inverter which is connected.

The value x is determined as follows:

x = 2 nF * t_OSSD / 0.1 ms where t_OSSD = Width of the test pulse, max. 0.5 ms

Additional restrictions may apply with regard to the protective switching device.

4.3.1.2 EMC

The EMC guideline values ( Manual BU 0250) can be complied with EMC-compliant wiring up to a cable length of 100 m between the protective switching device and the frequency inverter.


BU 0235 en-2917 25

4.3.1.3 Example – operation of multiple devices

When operating several frequency inverters with one protective switching device, the switching capacity of the switching device and the load rating of the 24 V mains unit must be observed.

The shield must be correctly connected ( Illustrations in Section 3.1 "Safe shut-down methods").

The permissible voltage drops in the cable must be observed!

Example Given:

– 4 frequency inverters are connected to an electronic protective switching device. – The frequency inverters are located adjacent to each other in a system. – 20 m must be bridged between the frequency inverters and the protective switching device. – A 2 x 1.5 mm2 cable is used.

The following applies:

qlR CU *ρ= with

kmmm

CU

2

*19Ω≅ρ

=PeakINI , 0.5 A ( Section 9 "Technical Data" )

Solution

Double the length of cable must be used because line drops occur in both wires.

Ω≅ 5.0R

ΔUCable = R * No.FU * IIN,Peak = 0.5 Ω * 4 * 0.5 A = 1 V

ΔUCable ≤ 1 V o.k.


26 BU 0235 en-2917

5 commissioning


Dangerous voltages may be present at the plug contacts for the power connections (e.g. mains cable) even when the FI is not in operation. • Do not touch any contacts • Protect connections which are not required with the cover caps provided.


There may be a hazardous voltage at the motor connection contacts, even if the Safe Stop ("STO" function) is active. • Do not touch any contacts • Protect connections which are not required with the cover caps provided

Only the specific matters for functional safety during commissioning are considered in the following. For a detailed section for commissioning the FI and its basic or standard functions, as well as all of the necessary FI parameters, please refer to the frequency inverter manual BU 0250.

For the implementation of a safety function (STO or SS1), in addition to a safe shut-down method, a digital input is used, which should be assigned a special function. Because of this, when commissioning, a PC with an RS232/458 interface, or alternatively a SimpleBox/ParameterBox is required for parameterisation.

5 commissioning

BU 0235 en-2917 27

5.1 Commissioning steps for STO • A safety output of the protective switching device is connected to a safe shut-down method

( Section 3.1 "Safe shut-down methods").

Depending on the required safety category, if necessary, a wiring fault (short-circuit between any particular wires) must be able to be excluded. It is recommended that a two-conductor shielded cable is used for the safe shut-down method and that the shield is correctly connected ( Section 3.4.5 "Ruling out wiring faults").

• The typical reaction time can be reduced by the additional use of a digital input.

For this, one of the digital inputs (DIN1 / DIN4) is parameterised with function "10" (block voltage). For this, it essential that the different reference potentials are observed. It is recommended that a separate shielded cable is used for each safe shut-down method and for the digital inputs used for functional safety, and that the shields are correctly connected ( Section 3.4.5 "Ruling out wiring faults").

• The switching delay of the of the relevant digital input (see parameter P475) must not be used (setting "0").

• Depending on the application, disabling of the safety function may cause a hazard, so that a monitored start is necessary. In this case the "Automatic Start" (P428) must not be used (setting "0").

5.2 Commissioning of SS1 • A safety output of the protective switching device is connected to a digital input( Section 3.4.2

"SS1 Function").

It is recommended that a two-conductor shielded cable is used and that the shield is correctly connected ( Section 3.4.5 "Ruling out wiring faults").

• A safe shut-down method is connected to a time-delayed safety output of the protective switching device. ( Section 3.1 "Safe shut-down methods").

It is recommended that a separate two-wire shielded cable is used for this. The cable shield must be connected at both ends ( Section 3.4.5 "Ruling out wiring faults").

• The selected digital input must be parameterised with function "11" (Fast Stop).

WARNING Danger of injury due to failure of SS1

The braking characteristics of the drive unit can be influenced by various factors. Therefore, the mode "Safe Stop 1" may possibly not be correctly complied with.

In order to prevent hazards due to this, by means of a final validation in the course of commissioning it must be demonstrated that with the particular settings the requirements for the special intended use are fulfilled, and that the device will at no time be operated outside of its rated data.

For the function SS1, parameter P426 (Fast Stop Time) and if necessary P559, "(DC run-on time) must be parameterised according to the requirements of the application. The delay time of the delayed safety output of the protective switching device must be rated so that it is longer than the fast stop time plus the DC run-on time. The actual stopping time for the drive unit depends on various factors. It may deviate for the parameterised fast stop time P426) if, for example, one or more of the following events occur during the active fast stop.

– Achievement / Exceeding of the power limits of the FI


28 BU 0235 en-2917

– Achievement / Exceeding of one or more parameterised limit values, (e.g.: P112, P536, P537) – Use of direct current braking (function "Immediate DC Braking") in parameter P108.

With the use of the shut-down mode "Immediate DC Braking" the fast stop time is not taken into account. The same braking time (resulting from the settings in P109, P110) is used as for shut-down.

In unfavourable cases, the drive unit cannot be braked to a standstill during the parameterised fast stop time. Before the elapse of the parameterised fast stop time it switches to the the "Safe Torque Switch Off" mode (STO) and runs to a standstill.

• The switching delay of the of the relevant digital input (see parameter P475) must not be used (setting "0").

• Depending on the application, disabling of the safety function may cause a hazard, so that a monitored start is necessary. In this case the "Automatic Start" (P428) must not be used (setting "0").

5.3 Validation It must be proven by suitable validation that the requirements for the specially intended purpose have been met.

6 Parameters

BU 0235 en-2917 29

6 Parameters

The following only lists the specific parameters and display and setting options for the Functional Safety technology function. For a detailed overview of all available parameters, please refer to the frequency inverter manual BU 0250.

Information Relevant parameters for STO or SS1 In order to implement the function STO, depending on the digital input which is used, the parameters for the digital input must be set to function "10" ("Block Voltage").

For the function SS1 the parameter of the relevant digital input is set to function "11" ("Fast Stop"). In addition, the "Fast Stop Time" must be entered in parameter P426 and the “DC Run-on Time" must be entered in parameter P559.

For the function SS1 the "Fast Stop Time" must be set so that the drive unit actually comes to a standstill within the stated time. The “DC Run-on Time follows after the “Fast Stop Time “.

The delay time of the delayed output of the protective switching device must be set so that it is longer than the parameterised values for the "Fast Stop Time"plus the "DC Run-on Time “.

6.1 Description of parameters

P000 (parameter number) Operating display (parameter name) xx 1) S P

Setting range (or display range)

Display of typical display format (e.g. (bin = binary)) of possible setting range and number of decimal places

Other applicable parameter(s):

List of other parameters that are directly associated

Arrays [-01] If parameters have a substructure in several arrays, this is shown here.

Factory setting 0 Default setting that the parameters typically have in the as-delivered condition of the device or to which it is set after carrying out "Restore factory settings" (see parameter P523).

Scope of Application List of device variants to which this parameter applies. If the parameter is generally valid, i.e. for the entire model series, this line is omitted.

Description Description, functionality, meaning and the like for this parameter.

Note Additional notes about this parameter

Setting values (and display values)

List of possible settings with description of the respective functions

1) xx = other identification

Figure 2: Explanation of parameter description

Information Description of parameters Unused lines of information are not listed.

Note / Explanation:

Code Designation Meaning

S Supervisor-Parameter The parameter can now be displayed and modified if the relevant supervisor code has been set (see parameter P003).

P Parameter set-dependent The parameter provides different setting options that are dependent upon the selected parameter set.


30 BU 0235 en-2917

6.1.1 Control terminals

P420 Digital inputs

Arrays [-01] … [-07] Scope of Application (DIN1 / DIN4) Description Assignment of functions for the digital input Setting values Value Meaning

0 Off The input is not used.

10 Disable voltage (coast to stop) The FI output voltage is switched off; the motor runs down freely. Low

11 Emergency stop The FI reduces the frequency according to the programmed fast stop time P426. 1) Low

1) Exception: P108, setting "Immediate DC Braking" With the use of the shut-down mode "Immediate DC

Braking" the fast stop time is not taken into account. The same braking time (resulting from the settings in P109, P110) is used as for shut-down.

P426 Quick stop time S P

Description Setting of the stop time for the fast stop function which can be triggered either via a digital input, the bus control, the keyboard or automatically in case of a fault. The quick stop time is the time for the linear frequency decrease from the set maximum frequency (P105) to 0 Hz. If an actual setpoint <100 % is being used, the emergency stop time is reduced correspondingly.

Setting values 0.01 … 320.00 WARNING! Danger of injury due to failure of SS1

The braking characteristics of the drive unit can be influenced by various factors. Therefore, the mode "Safe Stop 1" may possibly not be correctly complied with. In order to prevent hazards due to this, by means of a final validation in the course of commissioning it must be demonstrated that with the particular settings the requirements for the special intended use are fulfilled, and that the device will at no time be operated outside of its rated data.

P428 Automatic starting S P

Setting range 0 … 1

Description Decision as to whether the frequency inverter should react to an enable signal. Setting values Value Meaning

0 Off The device expects a flank (signal change "low high") at the digital input which has been parametrised to "Enable" in order to start the drive. If the device is switched on with an active enable signal (mains voltage on), it immediately switches to "Switch-on block).

1 On The device expects a signal level ("high") at the digital input which

has been parametrised to "Enable" in order to start the drive. NOTICE! Danger of injury! Drive starts up immediately!

6 Parameters

BU 0235 en-2917 31

P434 Digital output function

Arrays [-01] … [-02] Description Assignment of functions for the digital output Setting values Value Meaning

0 Off The output is not used.

01 External brake For control of a mechanical brake on the motor. For details see BU 0250 WARNING: Brake failure! The control is not fail-safe! Design the brake as an operating brake. Ensure that the drive is brought to a standstill before "STO" becomes active.

07 Fault General error message. For details see BU 0250

39 STO inactive This function depicts the reaction of the "safe pulse block".

The signal drops (High Low) when STO and Safe Stop are active.

P481 Function BusIO Out Bits S

Arrays [-01] … [-10] Description Assignment of functions for Bus IO Out Bits. The Bus IO In Bits are treated as digital

outputs by the frequency inverter. Setting values Value Meaning

0 Off The output is not used.

01 External brake For control of a mechanical brake on the motor. For details see BU 0250 WARNING: Brake failure! The control is not fail-safe! Design the brake as an operating brake. Ensure that the drive is brought to a standstill before "STO" becomes active.

07 Fault General error message. For details see BU 0250

39 STO inactive This function depicts the reaction of the "safe pulse block".

The signal drops (High Low) when STO and Safe Stop are active.


32 BU 0235 en-2917

6.1.2 Additional parameters

P506 Automatic fault acknowledgement S

Description Automatic acknowledgement of fault messages. (For details see BU 0250) Note Automatic error acknowledgement should not be used in association with a safety

function. Setting values 0 = Detection is disabled

P550 EEPROM copy order

Description The data sets saved in the internal EEPROM and in the Memory Module can be copied between the devices. This includes a PLC program that is present on the device.

Note Only valid with option: "-EEP" (plug-in EEPROM): The device always uses the data record which is saved in the internal EEPROM. WARNING! Loss of safe function. After parameters have been copied the safe

functions must be revalidated. This is the only way to ensure that the safety functions operate correctly.

Setting values Value Meaning

0 No change

1 External Internal The data set is copied from the memory module (external EEPROM) to the internal EEPROM.

2 Internal External The data set is copied from the internal EEPROM to the memory module (external EEPROM).

3 External Internal Exchange data sets, the data sets are exchanged between the two EEPROMs

P559 DC run-on time S P

Setting range 0.00 ... 5.00 s

Description Completion of a braking action by temporary connection of a DC voltage to the motor connection terminals. (For details see BU 0250)

7 Operating status messages

BU 0235 en-2917 33

7 Operating status messages

The majority of frequency inverter functions and operating data are continuously monitored and simultaneously compared with limiting values. If a deviation is detected, the inverter reacts with a warning or an error message.

Basic information on this topic is contained in the manual for the device.

All faults or reasons which may result in a switch-on block of the frequency inverter and which are associated with the STO function are listed below.

WARNING Loss of safe function In case of an EEPROM fault, the digital input functions (DIN1 / DIN4) "Block Voltage" and "Fast Stop" may not function or may function incorrectly.

After an EEPROM fault, the digital inputs associated with safety functions must be revalidated. This is the only way to ensure that the safety functions operate correctly.

Error messages

Display in the SimpleBox / ControlBox Fault

Text in the ParameterBox Cause

• Remedy Group Details in P700 [-01] / P701

E008 8.0 Parameter loss (maximum EEPROM value exceeded)

Error in EEPROM data • Software version of the stored data set not

compatible with the software version of the FI. NOTE: Faulty parameters are automatically reloaded

(default data). • EMC interferences (see also E020)

8.1 Inverter type incorrect • EEPROM faulty

8.2 Reserved

8.3 EEPROM KSE error (Customer unit incorrectly identified (customer’s interface equipment))

The upgrade level of the frequency inverter was not correctly identified.

• Switch mains voltage off and on again.

8.4 Internal EEPROM error (Database version incorrect)

8.7 EEPR copy not the same

E018 18.0 Safety circuit While the frequency inverter was enabled, the Safe Pulse Block safety circuit was triggered.


34 BU 0235 en-2917

Switch-on block messages

Display in the SimpleBox / ControlBox Reason:

Text in the ParameterBox Cause

• Remedy Group Details in

P700 [-03]

I018 18.0 STO active The Safe Pulse Block safety circuit has been triggered. A connected motor does not produce any torque.

Status information

It is possible to access status information by means of the ParameterBox, SimpleBox or via a field bus. This information is not provided on a fail-safe basis, but rather only for information purposes!

The status of the "Safe Pulse Block" and the digital inputs and outputs can be accessed via the information parameters and if necessary by means of the status word with communication via a field bus.

In order to be able to query the reaction of the "Safe Pulse Block", the digital output, a Bus Out bit or a free bit of the status word (Bit 10 or Bit 13) must be assigned the function “39" (STO inactive). The status of this bit can be read out via the parameters P711 ("Relay Status") P741 [-01] ("Status Word" or P741 [-05] (“Bus Out Bits") or transferred via the bus protocol.

For the "Safe Pulse Block" both the status of the input terminals (24V_SH, GND_SH) as well as the reaction of the Safe Pulse Block can be queried.

8 Additional information

BU 0235 en-2917 35


8.1 Protective switching devices

The safety switching device used for the intended purpose, as well as all additional components required to implement a safety function, must fulfil the requirements of the special application in accordance with the risk analysis.

The switching device outputs must fulfil the following basic conditions.

8.1.1 Output voltage The stated voltage must be connected to the input terminals of the frequency inverter i.e. the voltage drop in the cable which is used must be taken into account

• Mechanical protective switching device

24 V ± 25 % (18 V…30 V)

• Electronic protective switching device with OSSD outputs

24 V - 20 % / + 25 % (19.2 V…30 V) for the "safe pulse block"

8.1.2 Switching capacity and current load The safety outputs of the switching devices must be designed for the loads stated below.

Load per connected frequency inverter “Safe Pulse Block”

Continuous current (mean value) ≤ 125 mA Switch-on current ≤ 500 mA, for t ≤ 2 ms Support capacitance (downstream of inverse polarity protection) 20 μF Peak current after an OSSD test pulse (periodic) ≤ 500 mA, for t ≤ 300 μs

Information Increased current on switch-on or after a test pulse from an OSSD

Due to the support capacitors of the safe shut-down method, there is an increased current consumption on switch-on and after a test pulse from an OSSD. The "safe pulse block" is equipped with an active current limiter in order to reduce the load on safety outputs to a minimum.


36 BU 0235 en-2917

8.1.3 OSSD outputs, test pulses • toff ≤ 0.5 ms (width of test pulse)

Maximum time in which the output of the protective switching device is switched off for test purposes.

• D ≥ 90 % (duty, switch-on ratio)

The supply voltage is applied for at least 90% of the time i.e. for a test pulse of toff=0.5 ms, the supply voltage is subsequently connected for at least ton=4.5 ms.

• Double pulses are permissible if the two pulses are at least 1µs apart and the condition for D is fulfilled.

Permissible test pulses for an OSSD

The following sequence results at maximum pulse width:

– First test pulse with toff= 0.5 ms, – Subsequently the supply voltage is applied for 0.5 ms, – Followed by the second test pulse with toff= 0.5 ms, – After this the supply voltage is applied for at least 8.5 ms!


BU 0235 en-2917 37

8.2 Safety categories

8.2.1 IEC 60204-1:2005 (German version EN 60204-1:2006)

The requirements of a Category 0 and Category 1 stop function can be fulfilled by the "safe pulse block".

The controlled braking of a Category 1 stop function is not fail-safe via the standard functions of the frequency inverter. The switch-over to the stop function of Category 0 is fail-safe.

8.2.2 IEC 61800-5-2:2007 (German version EN 61800-5-2:2007)

The requirements for the functions "Safe Torque Switch Off" (STO) and "Safe Stop 1" (SS1) can be fulfilled with the shut-down method "Safe Pulse Block.

With the function SS1, there is no safe monitoring of motor speed reduction or motor speed reduction by the frequency inverter. If a risk analysis has shown that monitoring is necessary, this must be carried out via an external safe control unit. The solutions for the function SS1 described in the examples correspond to characteristics as per IEC 61800-5-2:2007, Section 4.2.2.3, Paragraph c) "Triggering of motor speed reduction and triggering of the STO function after an application-specific time delay". The motor speed reduction is carried out via the standard functionality of the frequency inverter and is not fail-safe. The switch-over to the STO function is fail-safe.

8.2.3 IEC 61508:2010 (German version EN 61508:2010)

For the safety-relevant stop functions STO and SS1 (designation as per IEC 61800-5-2:2007), frequency inverters with the safe shut-down methods according to this manual fulfil the requirements for SIL 3. The controlled braking action of the stop function SS1 does not have SIL capability.

( Section 9.1 "Data for the Safe Pulse Block")

Information Digital inputs The digital inputs do not have SIL capability


38 BU 0235 en-2917

8.2.4 ISO 13849-1:2015 (German version EN ISO 13849-1:2016) For the safety-relevant stop functions, STO and SS1 (designation as per IEC 61800-5-2:2007), frequency inverters with the safe shut-down methods according to this manual fulfil the requirements for Performance Level e. With this, Safety Category 4 can be achieved.

( Section 9.1 "Data for the Safe Pulse Block")

The digital inputs (DIN1 / DIN4) which are used for the implementation of safety-relevant stop functions are primarily intended as auxiliary inputs and can fulfil the requirements of Safety Category 1 and Performance Level c.

( Section 9.2 "Data for digital inputs")

Information Evaluation of safety function The values stated in the Technical Data ( Section 9 "Technical Data") only refer to the stated inputs or shut-down methods.

The components which are additionally required for the implementation of a safety function, such as a protective switching device, an emergency stop button etc. must also be taken into account for the evaluation of the safety function. The resulting safety-relevant data can be significantly influenced by these components.

9 Technical Data

BU 0235 en-2917 39

9 Technical Data

The Technical Data from the frequency inverter manual (BU 0250) apply!

In deviation from this:

Function Specification

Max. installation altitude above sea level

≤ 2000 m

The following technical data also apply.


40 BU 0235 en-2917

9.1 Data for the Safe Pulse Block Function Specification

Input voltage + 24 V Voltage tolerance ± 25 % (18 V … 30 V) Operation at OSSD - 20 % … + 25 % (19,2 V … 30 V) Power consumption ≤ 125 mA (mean value) Peak current ≤ 500 mA (peak, when switching on or on the OSSD)

Cable length ≤ 100 m Line capacitance ≤ 20 nF per connected frequency inverter

(≤ 4 nF * t_OSSD / 0.1 ms (with t_OSSD max. 0.5 ms)) Switch-on delay ≤ 200 ms Response time ≤ 300 ms (≤ 65 ms typical) Cycle time ≥ 1 s Requirements for OSSDs Test pulse width ≤ 500 µs Duty (High level) ≥ 90 % Time between double pulses ≥ 1 ms (observe the duty factor) Safety integrity level (IEC 61508)

SIL 3

Probability of a hazardous failure per hour

PFH = 0

Probability of a hazardous failure on call-up

PFD = 0

Proportion of safe failures

SFF = 100 %

Safety category Category 4 (as per EN ISO 13849-1) Performance Level (as per EN 13849-1)

PL e

Mean time until a hazardous failure

MTTFd = "High" (>100 years)

Degree of diagnostic coverage (DC)

cannot be established (PFH=0)

Lifetime TM = 20 years

9 Technical Data

BU 0235 en-2917 41

9.2 Data for digital inputs (Only valid for digital inputs: DIN1 and DIN4)

Function Specification

Input voltage + 24 V Voltage tolerance +- 37,5 % … + 25 % (15 V … 30 V) High level (VT+) 15 V … 30 V Low level (VT-) 0 V … 5 V Input resistance ≈ 9.5 kΩ (for Low level)

≈ 2.5 kΩ…3.5 kΩ (for High level) Input capacitance 10 nF Scan time ≤ 1 ms Response time ≤ 5 ms Requirements for OSSDs Test pulse width ≤ 500 µs Duty (High level) ≥ 90 % Time between double

pulses ≥ 1 ms (observe the duty factor)

Safety integrity level (IEC 61508)

The digital inputs do not have SIL capability

Probability of a hazardous failure per hour

PFH < 700 FIT

Proportion of safe failures

SFF > 72 %

Safety category Category 1 (as per EN ISO 13849-1) Performance Level (as per EN 13849-1)

PL c

The mean time until a hazardous failure

MTTFd = "High" (>100 years)

Degree of diagnostic coverage (DC)

No DC

Lifetime TM = 20 years


42 BU 0235 en-2917

10 Appendix

10.1 Repair information In order to keep repair times as short as possible, please state the reasons for the return of the device and at least one contact partner in case of queries.

In case of repairs, please send the device to the following address:

NORD Electronic DRIVESYSTEMS GmbH Tjüchkampstraße 37

26606 Aurich, Germany

Information Third party accessories Before returning a bus interface and/or a frequency inverter, please remove any external accessories such as mains cables, potentiometers, external displays, etc., which were not supplied by Getriebebau NORD GmbH & Co. KG No liability can be accepted by Getriebebau NORD GmbH & Co. KG for devices which are returned with third party accessories.

Information Accompanying document Please use the filled-in accompanying document for returns, You can find this on our homepage www.nord.com or directly under the link Warenbegleitschein.

For queries about repairs, please contact:

Getriebebau NORD GmbH & Co. KG

Tel.: +49 (0) 45 32 / 289-2515

Fax: +49 (0) 45 32 / 289-2555


https://www.nord.com/cms/media/documents/forms/ServiceNote_DE.pdf

10 Appendix

BU 0235 en-2917 43

10.2 Service and commissioning information In case of problems, e.g. during commissioning, please contact our Service department:

+49 4532 289-2125

Our Service department is available 24/7 and can help you best if you have the following information about the device (e.g. frequency inverter) and its accessories (e.g. bus interface) to hand:

• Type designation, • Serial number, • Firmware version

10.3 Documents and software Documents and software can be downloaded from our website www.nord.com .

Other applicable documents and further information

Documentation Contents

BU 0250 Manual for field distribution system frequency inverter NORDAC LINK SK 250E-FDS .. SK 280E-FDS

BU 0000 Manual for use of NORD CON software BU 0040 Manual for use of NORD parameterisation units

Software

Software Description

NORD CON Parametrisation and diagnostic software

10.4 Certificates The relevant certificates for "Functional Safety" can be downloaded from our internet page www.nord.com

Certificates

Documentation Contents

C330704 Certificates for frequency inverters with "Safe Shut-down Methods" for frequency inverters NORDAC Link SK 260E-FDS/ SK 280E-FDS


https://www.nord.com/cms/en/documentation/manuals/details_1139/detail_103751.jsp



https://www.nord.com/cms/en/documentation/software/nordcon/NORD-CON-Download.jsp


https://www.nord.com/cms/endocumentation/certificates/details_1151/detail_109696.jsp


44 BU 0235 en-2917

10.5 Abbreviations

• AS-i AS Interface • BW Braking resistor • DIN Digital input • DOUT Digital output • EMC Electromagnetic compatibility • FI Frequency inverter • GND Earth • OSSD Output Signal Switching Device • P Parameter set dependent parameter, i.e. a parameter which can be assigned different

functions or values in each of the 4 parameter sets of the frequency inverter. • S Supervisor parameter, i.e. A parameter which is only visible if the correct Supervisor

Code is entered in parameter P003 • SH "Safe Stop" (functional safety) • SS1 "Safe Stop 1“ • STO Safe Torque Off, torque safely switched off • SW Software or firmware version of the frequency inverter (can be displayed in parameter

P707)

Key word index

BU 0235 en-2917 45

Key word index

A

Accompanying document .............................. 42

Auto. Fault acknowledgement (P506) ........... 32

Automatic starting (P428) .............................. 30

C

Certificates ..................................................... 43

Commissioning .............................................. 26

SS1 ............................................................ 27

STO ............................................................ 27

Controlled braking ......................................... 12

D

DC run-on time (P559) .................................. 32

Digital inputs .................................................. 11

Digital inputs (P420) ...................................... 30

Digital output function (P434) ........................ 31

Documents

other applicable .......................................... 43

E

EEPROM copy order (P550) ......................... 32

EMC ............................................................... 24

Example ......................................................... 25

SS1 ............................................................ 15

STO ............................................................ 13

Exclusion of faults .......................................... 18

F

Function BusIO Out Bits (P481) .................... 31

I

IEC 60204-1

2005 ........................................................... 37

IEC 61508

2010 ........................................................... 37

IEC 61800-5-2

2007 ........................................................... 37

ISO 13849-1

2015 ........................................................... 38

M

mechanical brake .......................................... 12

Messages

Fault........................................................... 33

Operating status ........................................ 33

O

OSSD ...................................................... 24, 35

P

Parameters ................................................... 29

Protective switching devices ......................... 35

Q

Quick stop time (P426) ................................. 30

R

Repair ........................................................... 42

Restart block ................................................. 16

Returns ......................................................... 42

S

Safe pulse block ............................................ 24

Safe Pulse Block

Example .................................................... 25

Safe Pulse Lock

OSSD ........................................................ 24

Safe shut-down method

Safe Pulse Block ....................................... 24

Safety functions

Safe Stop 1 ................................................ 12

Safe torque switch-off................................ 12

SS1 ............................................................ 12

STO ........................................................... 12

Scope of Application ....................................... 4

Software ........................................................ 43

SS1 ............................................................... 12

commissioning ........................................... 27

example: .................................................... 15

Standard

IEC 13849-1

2015 ....................................................... 38


46 BU 0235 en-2917

IEC 60204-1

2005........................................................ 37

IEC 61508

2010........................................................ 37

IEC 61800-5-2

2007........................................................ 37

STO ............................................................... 12

commissioning ........................................... 27

Example .................................................... 13

T

Technical Data .............................................. 39

V

Validation ...................................................... 28

Key word index

BU 0235 en-2917 47

607

2352

/ 29

17